Now that curl has its own license file, it should be also added to
`MISC-FREE` license group, just like Gentoo.
Simply sync `license_groups` with Gentoo.
Now that curl >= 7.70 requires its own license file, we need to make
it included in the SDK, so that `/var/gentoo/repos/gentoo/licenses/curl`
can be available. Without that file, the image build step fails due to
a missing license file for curl.
We need to update net-misc/curl to 7.74.0, mainly to address the
following security issues:
* CVE-2020-8169
* CVE-2020-8231
* CVE-2020-8284
* CVE-2020-8285
* CVE-2020-8286
Github Actions for Rust started failing with following errors:
```
Error: Unable to process command '::set-env name=PULL_REQUEST_NUMBER::718' successfully.
Error: The `set-env` command is disabled. Please upgrade to using
Environment Files or opt into unsecure command execution by setting the
`ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For
more information see:
https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
```
It happens because we have used peter-evans/create-pull-request@v2,
which did not have a bug fix for the set-env issue.
The bug was fixed in create-pull-request
[v3.4.1](https://github.com/peter-evans/create-pull-request/releases/tag/v3.4.1).
So we just need to update the version to `v3`, which already includes
v3.4.1.
It is already possible to enable kernel config `CONFIG_DEBUG_INFO_BTF`
using dwarves 1.18 included in the current Flatcar SDK, as long as its
arch is amd64.
However, Kernel build fails in case of arm64, when Kernel version is
>= 5.9 and dwarves version is <= 1.18, like the following:
```
+ pahole -J .tmp_vmlinux.btf
PAHOLE: Error: Found symbol of zero size when encoding btf
(sym: '__kvm_nvhe_arm64_ssbd_callback_required', cu: '../source/arch/arm64/kernel/cpu_errata.c').
PAHOLE: Error: Use '-j' or '--force' to ignore such symbols and force emit the btf.
../source/scripts/link-vmlinux.sh: line 141: 1929102 Segmentation fault
```
The bug was fixed via
https://git.kernel.org/pub/scm/devel/pahole/pahole.git/commit/?id=2e719cca6672,
("btf_encoder: revamp how per-CPU variables are encoded").
The fix was first included in dwarves
[1.19](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.19).
Thus we need to get dwarves 1.19 included in Flatcar SDK, so that the
next Alpha Kernels could have `CONFIG_DEBUG_INFO_BTF` enabled.
This commit introduces Flatcar specific modification
to the Gentoo recipes for updating to gcc-9.3.0 introduced
in the previous commit. The changes are required
in order to make things build with the Flatcar SDK.
The commit also removes old, stale, unused recipes.
The changes include:
dev-util/perf/perf-4.9.13.ebuild: fix binutils ebuild RDEPEND
dev-util/perf/perf-5.8.ebuild: remove python3_{8} compat; unmask arm64, amd64
sys-devel/binutils: remove old, stale versions
sys-devel/binutils/binutils-2.35.ebuild: backport to EAPI6 because our
outdated emerge does not handle BDEPEND dependencies correctly,
resulting in BDEPEND being pulled in as runtime deps.
Unmask for amd64 and arm64.
sys-devel/binutils/binutils-9999.ebuild: backport to EAPI6
net-dns/dnsmasq: remove old, stale versions
sys-devel/crossdev: remove old versions
sys-devel/gcc: remove old versions
sys-devel/gcc/gcc-9.3.0-r1.ebuild: use EAPI6 because of emerge
BDEPEND issue (see above)
sys-devel/libtool/libtool-2.4.6-r6.ebuild: use EAPI6 because of emerge
BDEPEND issue (see above)
sys-kernel/linux-headers: remove old versions
ys-kernel/linux-headers/linux-headers-5.8.ebuild: unmask for amd64, arm64
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
This commit includes the necessary changes to upgrade the SDK
compiler to gcc-9.3.0. The changes include:
eclass: update toolchain.eclass to EAPI7
acct-(user|group): add dnsmasq user / group
net-dns/dnsmasq: update to dnsmasq-2.82
dev-util/perf: update to perf-5.8.ebuild
sys-devel/binutils: update to binutils-2.35.ebuild
sys-libs/binutils-libs: update to binutils-libs-2.35.ebuild
sys-devel/crossdev: update to crossdev-20200801.ebuild
sys-devel/gcc: update to gcc-9.3.0-r1.ebuild
sys-devel/libtool: update to libtool-2.4.6-r6.ebuild
sys-kernel/linux-headers: update to linux-headers-5.9.ebuild
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
To build Kernel with `CONFIG_DEBUG_INFO_BTF`, we need to get pahole, a
part of dwarves included in the Flatcar SDK.
So simply import `dev-util/dwarves` from upstream Gentoo.
To be able to build `net-fs/samba` 4.11, we need to import
`net-libs/gnutls` from upstream Gentoo. Since gnutls is one of the
hard requirements of upstream Samba, we are not able to disable the
dependency on gnutls.
Now that `dev-lang/tcl` is included in SDK, we can now build
dev-db/sqlite without having to rely on third-party patches
in coreos-overlay.
So simply sync sqlite with Gentoo upstream, and update to the latest
version 3.33.0.
Now that dev-libs/glib was updated to 2.64.5, we need to also update
dev-util/gdbus-codegen to 2.64.5.
Otherwise we would see strange slot conflicts like:
```
* Error: The above package list contains packages which cannot be
* installed at the same time on the same system.
(dev-libs/glib-2.64.5:2/2::portage-stable, ebuild scheduled for merge) pulled in by
>=dev-libs/glib-2.58.3:2 required by (dev-util/gdbus-codegen-2.58.3:0/0::portage-stable, binary scheduled for merge)
(dev-util/gdbus-codegen-2.58.3:0/0::portage-stable, binary scheduled for merge) pulled in by
dev-util/gdbus-codegen required by (coreos-base/hard-host-depends-0.0.1-r194:0/0::coreos, binary scheduled for merge)
```
The bootstrap_sdk stage still requires `sys-apps/makedev` to be
available, as listed in `profiles/default/linux/packages.build`.
We need to bring it back to make the SDK build work again.
This reverts commit df8159f565972eb31455ff5e4cbfba8c4a12bb52.
To make the SDK build work again, we need to bring back dev-db/sqlite
3.31.1 in portage-stable. It is not enough to have it in coreos-overlay.
This reverts commit 4a7a4e3d272812963c3cd21431d1849ca9df11e4.
Update net-libs/libpcap to 1.9.1, to address security issue
CVE-2019-15163, an issue of allowing attackers to cause a denial of
service (NULL pointer dereference and daemon crash) if a crypt() call
fails.
Update rsync to 3.2.3, actually to update zlib bundled in rsync.
It is to address security issue CVE-2016-9841, an issue of allowing
context-dependent attackers to have unspecified impact by leveraging
improper pointer arithmetic.
Update app-misc/jq to 1.6-r3, to address security issue CVE-2015-8863.
It is mainly to fix off-by-one error in the tokenadd function. It allows
remote attackers to cause a denial of service (crash) via a long
JSON-encoded number, which triggers a heap-based buffer overflow.
Improve body text of each PR for `virtual/rust`, by mentioning that
it should be merged together with its paired PR in coreos-overlay.
Explicitly name `virtual/rust` instead of `Cargo`, because there is
no more ebuild for `cargo`.
Rename the dispatched event-type name to `rust-pull-request-main`, as
`cargo` has already disappeared.
Make the repository-dispatch action receive additional client-payload with
a field `coreos-overlay-pull-request-number` sent by the corresponding PR
in coreos-overlay. The PR number is then used for adding a link in the body
text, for pointing back to the PR in coreos-overlay.
pkg-config 0.29 or newer introduced a macro `PKG_CHECK_MODULES_STATIC`,
which is needed by ebuilds like dev-util/strace >= 5.5.
So we should update pkg-config to 0.29.2, to avoid such issues.
(see 0efb668bd5)
```
***** autoconf *****
***** PWD: /build/amd64-usr/var/tmp/portage/dev-util/strace-5.6/work/strace-5.6
***** autoconf --force -I /build/amd64-usr/usr/share/aclocal
configure:17585: error: possibly undefined macro: PKG_CHECK_MODULES_STATIC
```
